package com.atguigu.base;

import java.sql.*;

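public class JDBCPrepared {
    /**
     * Demonstrates a parameterised lookup against {@code t_emp}.
     *
     * <p>The lookup value intentionally contains a classic SQL-injection payload
     * ({@code ' or '1' = '1}). Because it is bound through
     * {@link PreparedStatement#setString} rather than concatenated into the SQL text,
     * the driver transmits it as data: the query looks for an employee whose name is
     * literally {@code 张三' or '1' = '1} (no rows, unless such a row exists) instead
     * of the {@code WHERE} clause collapsing to "always true" and dumping the table.
     *
     * @param args ignored
     * @throws Exception on connection, query or close failure (propagated as in the
     *                   original demo; a real application would catch {@link java.sql.SQLException})
     */
    public static void main(String[] args) throws Exception {
        // Credentials are taken from the environment when present. The defaults keep the
        // original demo runnable but are still a hard-coded secret: remove them (or fail
        // fast when the variables are unset) before this leaves a local sandbox.
        String dbUser = System.getenv().getOrDefault("DB_USER", "root");
        String dbPassword = System.getenv().getOrDefault("DB_PASSWORD", "mysqlmima");
        // Credentials are passed as separate arguments instead of URL query parameters,
        // so the URL string itself carries no secret if it is ever logged or printed.
        String url = "jdbc:mysql:///atguigu";

        String name = "张三' or '1' = '1";
        String sql = "SELECT emp_id, emp_name, emp_salary, emp_age FROM t_emp WHERE emp_name = ?;";
        String separator = "\t";

        // try-with-resources closes the statement and connection (and below, the result set)
        // in reverse order even when executeQuery() or a column getter throws; the original
        // only closed them on the success path and leaked them on any exception.
        try (Connection connection = DriverManager.getConnection(url, dbUser, dbPassword);
             PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            preparedStatement.setString(1, name);

            // Printing the statement shows how the driver renders the bound parameter
            // (driver-dependent). Be aware that this also exposes parameter values, so do
            // not log statements this way when they carry sensitive data.
            System.out.println("执行的sql : " + preparedStatement);

            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                while (resultSet.next()) {
                    int emp_id = resultSet.getInt("emp_id");
                    String emp_name = resultSet.getString("emp_name");
                    // getDouble() mirrors the original; if emp_salary is a monetary DECIMAL
                    // column, getBigDecimal() would avoid floating-point rounding -- TODO confirm column type.
                    double emp_salary = resultSet.getDouble("emp_salary");
                    int emp_age = resultSet.getInt("emp_age");
                    System.out.println(emp_id + separator + emp_name + separator + emp_salary + separator + emp_age);
                }
            }
        }
    }
}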
